Pentester Diaries

13 episodes - English - Latest episode: almost 2 years ago - ★★★★★ - 2 ratings

Welcome to Pentester Diaries, a new podcast series that shines a light on the – not so secret, somewhat anonymized, and at times glamorized life of offensive security professionals. In this series, we will gather pentesters from across the globe to learn more about who they are, what is top of mind for them, how they approach pentesting, and much more. Pentesting isn’t just about finding cool bugs and hackers aren’t just these black hoodies that the media presents. It’s about understanding applications, continuous learning, leveraging the right tools and techniques, as well as collaborating and growing with others. So let’s take off the hacker hoodie and have a real conversation about this growing profession.

Technology pentesting offensive security penetration testing information security application security infosec appsec

Episodes

Pentester Diaries: Full-time Freelance Pentesting

August 25, 2022 17:00 - 21 minutes - 14.6 MB

This episode of Pentester Diaries is all about full-time freelance pentesting. I sat down with Core Pentesters Harsh Bothra and Parveen Yadav to talk about their lives as full-time freelancers. 

Pentester Diaries Ep.10: Journey into Reverse Engineering and Exploit Development

November 30, 2021 15:00 - 28 minutes - 19.9 MB

In this episode of Pentester Diaries, we sit down with a vetted Cobalt Core Pentester - Andreea Durga! This podcast includes insights on Andreea’s journey into Reverse Engineering and Exploit Development.   Follow Andreea’s work here:  https://www.linkedin.com/in/andreea-cristina

Pentest Diaries Ep.9: Certifications with Heath Adams

October 08, 2021 05:00 - 30 minutes - 20.9 MB

In this edition of Pentest Diaries, we had the opportunity to sit down with the founder of TCM Security, Heath Adams! We wanted to chat about the evolving state of the pentesting job market and the role certifications play within that system.  TCM Security has amassed 200k students and issued 675 vouchers in a short period of time. We'd like to know more about their impact as new entrants to the certification and education space.  Follow Heath's work here: https://twitter.com/thecyberment...

Android Pentesting

September 02, 2021 12:00 - 51 minutes - 35.7 MB

In this edition of Pentest Diaries, we had the opportunity to sit down with three of our distinguished Core members to talk Android Pentesting: https://twitter.com/harshbothra_ https://twitter.com/pcastagnaro https://twitter.com/b0rn2pwn

1:00 What’s your opening move when starting a pentest?
6:00 What tools are they using?
11:00 Out of Static, Dynamic, API testing, which takes the majority of your time?
18:14 What are some of the blockers you discover in Android pentesting?
26:55 What...

Tips for Communicating with Customers

August 09, 2021 11:00 - 29 minutes - 20.4 MB

Welcome back to Pentester Diaries. In this episode, Cobalt’s Grahame Turner interviews Core pentester Stefan Nicula on customer communications, exploring the importance of transparency, alignment, and empathy. Guests: https://twitter.com/TheInstaGrahame https://twitter.com/stefan_nicula Resources: Slack, Microsoft Teams

The Importance of Report Writing

June 22, 2021 13:00 - 31 minutes - 21.5 MB

Welcome back to Pentester Diaries. In this episode, longtime Core member and Cobalt Research Manager Robert Kugler talks with Grahame Turner, an experienced security technical writer, about report writing, why it’s important, and tips on how to improve your writing as a pentester. Guests: https://twitter.com/robertchrk https://twitter.com/TheInstaGrahame Resources: https://portswigger.net/burp https://cheatsheetseries.owasp.org/ https://developers.google.com/style/voice https://communic...

Understanding Severity Ratings

May 26, 2021 12:00 - 25 minutes - 17.5 MB

Welcome back to Pentester Diaries, a podcast series that aims to take off the hacker hoodie and have a real conversation about this growing profession.  In this episode, Jon Helmus talks with Joan Bono, a long-time Cobalt Core pentester. They will take a look at understanding pentest severity ratings. Guests: https://twitter.com/Moos1e_Moose https://twitter.com/joan_bono Resources: https://cobalt.io/blog/understanding-the-cvss-base-score-an-essential-guide https://nvd.nist.gov/vuln-metric...

Beyond Security Hygiene

May 11, 2021 11:00 - 33 minutes - 22.7 MB

In this episode, Jon Helmus talks with Shashank Dixit, a long-time cybersecurity professional with a love for the offensive side of security. Jon and Shashank will talk about Beyond Security Hygiene, diving into the fundamentals, and more. Guests: https://twitter.com/shashankdixits https://twitter.com/Moos1e_Moose Resources: https://inservice.sumeru.com/cyber-security/ https://www.virtualbox.org/ https://www.iso.org/isoiec-27001-information-security.html https://owasp.org/www-project-top-t...

Time Management & Pentest Organization

April 16, 2021 09:00 - 40 minutes - 28 MB

In this episode, Jon Helmus talks with Matt Buzanowski, a longtime offensive security professional who has done everything from Red Teaming, mobile, physical pentesting, social engineering, and more. Jon and Matt talk about two important concepts related to pentesting: time management and pentest organization. Guests: https://twitter.com/mateusz_jozef https://twitter.com/Moos1e_Moose Resources: https://www.defcon.org/ https://www.blackhat.com/ https://grayhat.co/ https://owasp.org/www-...

2FA Bypass Techniques

March 29, 2021 09:00 - 30 minutes - 20.9 MB

In this episode, Jon Helmus speaks with Harsh Bothra, a pentester with an appetite for learning and sharing his knowledge. In this episode, they'll examine Multi-Factor Authentication. Guests: https://twitter.com/harshbothra_ https://twitter.com/Moos1e_Moose Resources: - https://harshbothra.tech/ - https://hbothra22.medium.com/ - https://blog.cobalt.io/bypassing-the-protections-mfa-bypass-techniques-for-the-win-8ef6215de6ab?source=friends_link&sk=bfd8bbbbbfe884f7e6016d4bf79e3034 - https:...

Understanding Business Logic

March 10, 2021 17:00 - 39 minutes - 27.5 MB

For our first episode, Jon Helmus talks with Dan Beavin, a pentester with a passion for applying his architect background to security. In this episode, they will dig into business logic, exploring the importance of understanding every aspect of an application before pentesting. Guests: https://twitter.com/danbeavin https://twitter.com/Moos1e_Moose Resources mentioned: https://portswigger.net/burp https://portswigger.net/burp/documentation/desktop/tools/intruder/using https://portswigger.ne...

Twitter Mentions

@moos1e_moose 5 Episodes
@harshbothra_ 3 Episodes
@thecybermentor 2 Episodes
@b0rn2pwn 2 Episodes
@pcastagnaro 2 Episodes
@robertchrk 1 Episode
@shashankdixits 1 Episode
@stefan_nicula 1 Episode
@danbeavin 1 Episode
@mateusz_jozef 1 Episode
@joan_bono 1 Episode
@theinstagrahame 1 Episode